Auto-Complete has always given me a slight worry over the years but I have still used it to complete those tedious forms when purchasing goods online as I am sure many people have.
But confirming this worry Jeremiah Grossman of White Hat Security has explained to The Register that users who allow their browsers to auto-complete frequently used form fields, such as names or email addresses, may become an easy target for data thieves.
To collect the data a simple website can be constructed with a form with various input fields with typical labels: name, email address or credit card number.
A script is then created which tries out all possible first letters in these fields. This triggers the auto-complete feature which kicks in once the first character has been entered. If the browser auto-completes the letter to make a word, the script processes the entered value. All taking place invisibly behind the scenes of the site form.
Jeremiah has informed Apple of the security but as yet has now received a reply.
Via Heise SecurityFiled Under: Technology News